Today, there is a lot of news that makes us feel the Web is in a critical state, so building a secure Web environment is incumbent on network administrators and security administrators. But which security tools should you choose?
Scanners can help you build a secure website by testing your system for vulnerabilities before hackers "hack" you. We recommend the following top ten Web vulnerability scanners for your reference.
1. Nikto
This is an open source web server scanner that performs comprehensive tests against web servers for many items, including 3,500 potentially dangerous files/CGIs, the version numbers of more than 900 servers, and version-specific issues on more than 250 servers. Its scan items and plugins are updated frequently and can be updated automatically (if desired).
Nikto tests a web server in the shortest time possible, and its activity is quite obvious in the server's log files. If you want to experiment (or test your IDS), it also supports Libwhisker's anti-IDS methods.
Not every check identifies a security issue, although most do. Some items are informational ("info only") checks that look for items that may not be security vulnerabilities but that the web administrator or security engineer may not know are present on the server. These items are usually labeled appropriately, which saves a lot of trouble.
2. Paros Proxy
This is a Java-based web proxy for evaluating vulnerabilities in Web applications. It supports editing and viewing HTTP/HTTPS messages on the fly, so that items such as cookies and form fields can be changed. It includes a web traffic recorder, a web crawler (spider), a hash calculator, and a scanner that can test for common Web application attacks such as SQL injection and cross-site scripting.
3. WebScarab
It analyzes applications that communicate using the HTTP and HTTPS protocols. In its simplest form, WebScarab records the sessions it observes and allows the operator to view them in a variety of ways. If you need to observe the workings of an HTTP(S)-based application, WebScarab will meet your needs. Whether it is helping developers debug difficult problems or allowing a security professional to identify vulnerabilities, it is a great tool.
4. WebInspect
This is a powerful Web application scanner. This application security assessment tool from SPI Dynamics helps to identify known and unknown vulnerabilities in Web applications. It also checks whether a web server is configured correctly and tries some common web attacks such as parameter injection, cross-site scripting, directory traversal, and so on.
5. Whisker/libwhisker
Libwhisker is a Perl module suited to HTTP testing. It can test HTTP servers for many known security vulnerabilities, especially the presence of dangerous CGIs. Whisker is a scanner that uses Libwhisker.
6. Burp Suite
This is an integrated platform that can be used to attack Web applications. Burp Suite allows an attacker to combine manual and automated techniques to enumerate, analyze, and attack Web applications, or to exploit their vulnerabilities. The various Burp tools work together, share information, and allow a vulnerability discovered by one tool to form the basis for work in another tool.
7. Wikto
This is a web server assessment tool. It checks for vulnerabilities in web servers and provides much the same functionality as Nikto, but adds a lot of interesting features, such as a back-end miner and tight Google integration. It is written for the MS .NET environment, but users need to register in order to download its binaries and source code.
8. Acunetix Web Vulnerability Scanner
This is a commercial-grade web vulnerability scanner that checks Web applications for vulnerabilities such as SQL injection, cross-site scripting, weak password strength on authentication pages, and so on. It has an easy-to-use graphical user interface and can create professional-grade website security audit reports.
9. Watchfire AppScan
This is also a commercial-grade web vulnerability scanner. AppScan provides security testing throughout the application development cycle, which eases unit testing and security assurance early in development. It can scan for many common vulnerabilities, such as cross-site scripting, HTTP response splitting, parameter tampering, hidden field manipulation, backdoor/debug options, buffer overflows, and so on.
10. N-Stealth
N-Stealth is a commercial-grade web server security scanner. It is updated more frequently than some free web scanners, such as Whisker/libwhisker and Nikto, and it claims to contain "30,000 vulnerabilities and exploits" and to "add a lot of vulnerability checks every day", but that is questionable. Also note that virtually all general-purpose VA tools, such as Nessus, ISS Internet Scanner, Retina, SAINT, and Sara, include web scanning components (although these tools are not always kept up to date, and are not necessarily very flexible). N-Stealth primarily provides scanning for the Windows platform and does not provide source code.